Lucene search

105 matches found

CNVD
added 2016/11/08 12:0 a.m., 1 views

Ufo UFO-UAPWS suffers from an error-based SQL injection vulnerability (CNVD-2016-10770)

Ufo UFO-UAPWS Reporting System is an Internet solution for enterprises. An error-based SQL injection vulnerability exists in UFIDA UFO-UAPWS. An attacker exploiting the vulnerability can view sensitive information, obtain database information, and cause information leakage...

7.7 AI score
Exploits: 0, References: 1

Citrix
added 2015/09/25 12:0 a.m., 5 views

Target Device Not Booting Up with message "No entry found in the database".

Targets are not booting in Provisioning Server. You can see the error during boot: No entry found in the database...

7.1 AI score
Exploits: 0

Veeam
added 2014/11/04 12:0 a.m., 11 views

Enterprise Manager Install fails with Patched Database Error

Purpose: If the Veeam Backup Enterprise Manager software is moved, or needs to be reinstalled, and it was previously patched, it errors out with the following error: Cause: The SQL database that is being reused contains table entries that mark it as having been used with a newer version the version o...

7.4 AI score
Exploits: 0

seebug.org
added 2014/09/14 12:0 a.m., 24 views

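Discuz! XXE can corrupt the database structure and let dirty data in

Brief description: Discuz! XXE can corrupt the database structure and let dirty data in.......dz is brutal, it even filters the little quote marks, damn, so I could only analyze this far, but I have a vague feeling that there is a big risk here, because it changes the system template style. Posting this as a freebie first, take a look for yourselves. Detailed description: First let's look at the file: portalcpdiy.php(lines:301-324): if submitcheck'importsubmit' $isinner = false; $filename = ''; if$POST'importfilename' $filename =...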

7 AI score
Exploits: 0

Exploit DB
added 2014/07/08 12:0 a.m., 58 views

Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities

Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the entity parameter, and a database...

7.4 AI score
Exploits: 0

seebug.org
added 2014/01/21 12:0 a.m., 20 views

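Dell Kace 1000 Systems Management Appliance multiple SQL injection vulnerabilities

BUGTRAQ ID: 65029 Dell Kace 1000 Systems Management Appliance is a systems management appliance. Dell Kace 1000 Systems Management Appliance 5.4.76847 and other versions do not properly filter the "macAddress" parameter value of the getUploadPath and getKBot SOAP methods, which can allow arbitrary SQL code to be injected and SQL queries to be manipulated. 0 Dell Kace 1000 Systems Management Appliance 5.4.76847 Vendor patch: Dell ----...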

6.9 AI score
Exploits: 0

Exploit DB
added 2014/01/13 12:0 a.m., 22 views

Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injections

source: https://www.securityfocus.com/bid/65029/info Dell Kace 1000 Systems Management Appliance is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to...

7.4 AI score
Exploits: 0

exploitpack
added 2014/01/13 12:0 a.m., 10 views

Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injections

Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injections source: https://www.securityfocus.com/bid/65029/info Dell Kace 1000 Systems Management Appliance is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input befor...

0.4 AI score
Exploits: 0

Packet Storm
added 2013/07/24 12:0 a.m., 27 views

vBulletin 4.0.x SQL Injection

Exploit Title: vBulletin force Read Thread 0day Authors: n3tw0rk Contact: Mail:[email protected] Product: 4.0.x Software Version x.x.x Product Download: http://www.vbulletin.org/forum/showthread.php?t=241754&page=18 Google Dork: use your mind Homepage: d4tabase.com The exploit is caused due...

0.3 AI score
Exploits: 0

0day.today
added 2013/01/26 12:0 a.m., 19 views

iCart Pro version 4.0.1 SQL Injection Vulnerability

iCart Pro version 4.0.1 appears to suffer from a remote SQL injection vulnerability. Exploit Title: vbcovor ICART SQLI Date: 25/01/2013 Authors: n3tw0rk Contact: Mail:email protected Product: iCart Pro Software Version 4.0.1 Product Download: http://www.vbcover.com/icart.php?do=product&productid=...

8 AI score
Exploits: 0

Packet Storm
added 2013/01/25 12:0 a.m., 17 views

iCart Pro 4.0.1 SQL Injection

Exploit Title: vbcovor ICART SQLI Date: 25/01/2013 Authors: n3tw0rk Contact: Mail:[email protected] Product: iCart Pro Software Version 4.0.1 Product Download: http://www.vbcover.com/icart.php?do=product&productid=61 Google Dork: inurlicart.php Require Editing product access for SQL error...

0.3 AI score
Exploits: 0

Veeam
added 2012/01/18 12:0 a.m., 14 views

Veeam ONE: No Collection Data within Monitor, or Collection Stops Updating.

Challenge: Data collection stops within Veeam ONE Monitor, or there is no longer any new data from a certain point. Cause: This is due to the following database error involving a lack of space in the primary file group for the database .mdf file. Here is a snippet from the Monitor Logs that you wil...

7.2 AI score
Exploits: 0, Affected Software: 1

myhack58
added 2011/03/17 12:0 a.m., 22 views

PHPWeb enterprise smart site-building system injection and repair - vulnerability warning - the black bar safety net

http://www.phpweb.net/down/class/index.php?myord=1 It can be run directly in a tool. Straight to the official site: Database error: Invalid SQL: select from pwdowncon where iffb='1' and catid!='0' order by 1' desc limit 0,30 MySQL Error: 1064 You have an error in your SQL syntax; check the manual...

7.7 AI score
Exploits: 0

0day.today
added 2011/03/17 12:0 a.m., 25 views

VoiceCMS SQL Injection Vulnerability

Exploit for asp platform in category web applications Title : VoiceCMS Vulnerable to SQL Injection Vendor : http://www.voicecms.ca Found by : p0pc0rn Dork : intext:"Powered by VoiceCMS" SQL - Jet Engine Database Error ------------------------------- Parameter...

7.1 AI score
Exploits: 0

myhack58
added 2009/09/24 12:0 a.m., 16 views

dedecms injection vulnerability affecting version 5.3 – 5.5, posted in php - vulnerability warning - the black bar safety net

Excerpt from: hacking notes. The dedecms 5.3 and 5.5 series versions have a major injection vulnerability. Please note that the following attack is for research only. Use this vulnerability for illegal activities at your own peril. Suppose the domain name is www.abc.com; the attack steps are as...

0.1 AI score
Exploits: 0

seebug.org
added 2009/05/08 12:0 a.m., 14 views

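LxBlog uninitialized variable vulnerability

Lxblog is a multi-user blog system developed by PHPWind on a PHP+MySQL database platform architecture. It emphasizes interaction between the whole site and individual users, and has a powerful personal homepage system, an independent second-level domain system, a flexible user template system, and rich friend-circle and photo album features. Code analysis snippet: =======================code================================== /user/tag.php ?php !functionexists'usermsg' && exit'Forbidden'; !inarray$type,$itemtype && exit;...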

7.1 AI score
Exploits: 0

seebug.org
added 2008/11/04 12:0 a.m., 16 views

Discuz! database error message XSS bug

Code in the file include\dbmysqlerror.inc.php: if$message $errmsg = "bDiscuz! info/b: $message\n\n"; ifisset$GLOBALS'DSESSION''discuzuser' $errmsg .= "bUser/b: ".htmlspecialchars$GLOBALS'DSESSION''discuzuser'."\n"; $errmsg .= "bTime/b: ".gmdate"Y-n-j g:ia", $timestamp + $GLOBALS'timeoffset' 3600."\n"; $errm...

7.1 AI score
Exploits: 0

exploitpack
added 2008/02/15 12:0 a.m., 18 views

WordPress Plugin Simple Forum 1.10 1.11 - SQL Injection

WordPress Plugin Simple Forum 1.10 1.11 - SQL Injection Simple Forum Version 1.10-1.11 SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAİL : [email protected] Simple Forum - Version 1.10 Simple Forum - Version 1.10 - 2.1.3 Simple Forum - Version 1.11...

0.5 AI score
Exploits: 0

ATTACKERKB
added 2007/03/02 9:18 p.m., 1 views

CVE-2007-1151

Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error...

4.3 CVSS, 6.1 AI score, 0.0052 EPSS
Exploits: 0, References: 6

UbuntuCve
added 2007/01/29 8:28 p.m., 23 views

CVE-2007-0347

The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' (quote) character in certain messages, tickets, or Wiki entries...

4.3 CVSS, 6 AI score, 0.02284 EPSS
Exploits: 0, References: 1